In September 2017, the Securities and Exchange Commission (SEC) implemented two initiatives to combat cybersecurity threats and secure the interests of retail investors; the Cyber Unit and the Retail Strategy Task Force. The Cyber Unit, collaborating with the Enforcement Division, targets misconduct on the market such as: market manipulation, hacking non-disclosed information, cyber intrusions and threats on trading platforms and investor accounts, and violations pertaining to blockchain technology and initial coin offerings.[1] The Retail Strategy Task Force specifically aims to protect the interests and welfare of retail investors by identifying market misconduct such as fraud. Stephanie Avakian, Co-Director of the SEC Enforcement Division explains that “[c]yber-related threats and misconduct are among the greatest risks facing investors and the securities industry.”[2] These two initiatives facilitate the SEC in detecting early signs of market misconduct and manipulation.
How can investors protect themselves? Investors should be familiar with the fundamentals of cybersecurity in order to further safeguard their information. In the age of the internet, investors often opt in to receiving information from their broker-dealers online. It is important to know how to respond to suspicious emails or phishing attempts to protect online investment accounts. For instance, if an investor receives an email from their broker regarding a compromise of their account information, before responding to the email or clicking on the provided link, investors should contact their brokers using the contact information on the broker’s website.
How can investors ensure their information is secure on their smart phones and tablets? Make sure that online investment accounts that can be accessed via smartphone applications are password protected and that all apps are up to date. Phones and tablets should be automatically secured by passwords or biometric safeguards, such as thumbprints. Add apps that will allow you to find your phone if it gets lost or stolen and to erase data from phones remotely. The SEC recommends turning off the automatic Wi-Fi setting, particularly in public areas. Instead investors should manually select which Wi-Fi network they want to connect to. If you need to use public Wi-Fi in a café or park, you should use SSL-secured sites only. Browsers such as Google Chrome will specify whether sites are secure, not secure or dangerous. For additional security measures, you can also download apps created for phones and tablets to prevent and detect viruses or malware.
In case an investor’s online investment account has suspicious or unauthorized activity it is important to immediately notify the brokerage or investment firm. Investors typically have two options, either change the passwords associated with the account or close the account and transfer any assets to a new account.[3] Unauthorized access is typically a result of a data breach or identity theft. To prevent unauthorized access, investors should regularly monitor online investment accounts and credit reports.
“The cloud” allows smartphone, tablet and computer users to easily store and access their information on all devices. To protect sensitive information, such as account numbers and passwords, ensure your cloud provider uses verification and encryption methods or simply do not store those documents online.
Take the SEC’s five question quiz here to see if you are cyber-savvy.
[1] Securities and Exchange Commission. (Sept. 25, 2017) “SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors.” SEC. Available at: https://www.sec.gov/news/press-release/2017-176. Accessed on Dec. 22, 2017.
[2] Ib.
[3] Securities and Exchange Commission. (Sept. 22, 2015) “Investor Alert: Identity Theft, Data Breachesyou’re your Investment Accounts.” Invester.gov. Available at: https://www.investor.gov/additional-resources/news-alerts/alerts-bulletins/investor-alert-identity-theft-data-breaches-your. Accessed on Dec. 22, 2017.